IIS – Group Policy and Internet Explorer’s Site to Zone assignment issues

authentication, group-policy, iis, internet explorer, single-sign-on

We are using GPO to apply Site to Zone assignments for our users so that we can add some specific addresses into their Internet Explorer's Intranet and Trusted zones.

Using the Site to Zone GPO setting I have set up:

*.domain.com 1

The "domain.com" is our internal domain so I want anywebsite.domain.com to be treated as an intranet site to allow for SSO authentication to some of these websites that support it.

However, this does not seem to work; adding *.domain in the local intranet zone prompts for a password when trying to hit websites that make use of SSO.

When I add the complete address of the internal site that prompts for a password "mywebsite.domain.com" to the local intranet zone then SSO works and the user is not prompted for a password.

I am trying to set this up so we don't always have to add websites into this GPO setting and wait for it to apply on client computers, etc.; instead, use *.domain.com to cover any subdomain.

Why can't we use wildcards in the site to zone assignment for local intranet, or is my syntax incorrect?

To recap, a setting like this does not allow SSO:

*.domain.com 1

This works:

mywebsite.domain.com 1
support.domain.com 1

The number "1" is the zone assignment, in this case "Local Intranet Zone" in Internet Explorer.

Thanks.

Best Answer

Easy thing. Just say http://*.DOMAIN.COM 1

*.domain.com isn't enough.
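
To check which pattern actually reached a client, the following added example (not code from the question or the answer) reads the entries that the Site to Zone Assignment List policy writes to the `ZoneMapKey` policy registry key under both the computer and user hives. It splits each entry into scheme and host pattern and shows its zone; the variable names are this example's own.

```powershell
# Added example: list the Site to Zone Assignment entries that Group Policy
# has written on this client, so the applied pattern and zone can be verified.
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
    3 = 'Internet';    4 = 'Restricted Sites'
}
$subKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'

$entries = foreach ($hive in 'HKLM', 'HKCU') {
    # HKLM = Computer Configuration policy, HKCU = User Configuration policy
    $key = Get-Item -Path "${hive}:\$subKey" -ErrorAction SilentlyContinue
    if (-not $key) { continue }   # policy not configured in this hive

    foreach ($name in $key.GetValueNames()) {
        # Split an entry such as "http://*.domain.com" into scheme and pattern.
        if ($name -match '^(?:(?<scheme>[^:/]+)://)?(?<pattern>.+)$') {
            $zone = [int]$key.GetValue($name)
            [pscustomobject]@{
                Hive     = $hive
                Entry    = $name
                Scheme   = if ($Matches.scheme) { $Matches.scheme } else { '(none)' }
                Wildcard = $Matches.pattern.StartsWith('*.')
                Zone     = $zone
                ZoneName = $zoneNames[$zone]
            }
        }
    }
}

# Wildcard rows mapped to zone 1 are the ones that widen where SSO is attempted.
$entries | Sort-Object Zone, Entry | Format-Table -AutoSize
```

Run it as the affected user after `gpupdate /force`; an empty result means the policy has not applied to that user or computer yet.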